Resources
The Unsecured Age of Agentic Engineering

"I Ship Code I Don't Read" - Welcome to the Unsecured Age of Agentic Engineering

Article Brought to you by:
Uri Shamay
Team8 CTO
Team8
February 4, 2026

Introduction: Wait, What?!

"I ship code I don't read."

That's what Peter Steinberger, creator of OpenClaw (formerly: Clawd), said in a two-hour interview.

The result? 6,600 commits in January. Solo.

This isn't a typo. It's not an exaggeration. It's a completely new way of working that challenges everything we thought we knew about software development.

Full interview on The Pragmatic Engineer

How Does This Actually Work?

Steinberger isn't just "using AI for coding." He's built an entire workflow around autonomous agents:

  • 5-10 agents running in parallel - one main project and several smaller ones on the side
  • Long conversations before any task begins - he doesn't fire off a prompt and wait. He manages an extended dialogue with the agent, challenges it, pushes back, until the plan is crystal clear. Only then does he let it loose
  • A closed loop of writing and testing - the agent writes code, writes tests, runs them, fixes issues. This loop eliminates the need to read the code itself
  • No traditional CI/CD - if tests pass locally, the code gets merged

The Mindset Shift

The biggest change isn't technological - it's cognitive. Steinberger describes several counterintuitive insights:

This Isn't "Vibe Coding"

He calls it "Agentic Engineering" and claims it's actually more exhausting than regular coding. You're not passively prompting - you're actively managing, negotiating, and steering.

Learn the Agent's Language

Instead of getting frustrated when an agent doesn't do what you wanted, talk to it. Understand how it interpreted the task. Learn to speak its language. The collaboration improves dramatically when you meet it halfway.

Read the Prompt, Not the Code

He prefers reading the prompt over reading the code. The prompt gives signals that are just as important - maybe more. It reveals intent, constraints, and context in ways raw code doesn't.

Build and Test in Minutes, Not Days

Why spend days planning when you can build a prototype and test results in minutes? The feedback loop has collapsed from weeks to hours.

Who Thrives in This World?

Here's Steinberger's observation: people who don't obsess over how things work internally, and get more excited about building - succeed more with this approach.

This works incredibly well for experimental projects that move fast toward a specific goal. Goals that previously required specialized knowledge and significant time investment can now be reached by someone willing to orchestrate agents effectively.

But the question remains: what happens when it's not an experimental project?

The Unsecured Loop: Who Watches the Watchers?

Let's talk about what's troubling here - and there's a lot.

The entire system rests on one critical assumption: that the tests cover what they need to cover.

Think about it:

  • The agent writes the code
  • The agent writes the tests
  • The agent runs security checks
  • The agent validates everything

The loop is closed. But who validates that the loop itself is correct and secure?

This essentially means trusting the model as an oracle. You're betting that an AI system can fully verify its own work - an assumption that should make any security-minded person uncomfortable (understatement).

The Security Implications

When humans don't read code before shipping:

  • Vulnerabilities can slip through that tests weren't designed to catch
  • Malicious patterns could theoretically be introduced (especially with compromised models or prompts)
  • Technical debt accumulates invisibly - if no one understands the codebase, no one can maintain it
  • Compliance and audit trails become murky at best

The Bottom Line

We're living in a strange and amazing time.

Agentic engineering represents a genuine paradigm shift - not just in tooling, but in what it means to be a developer. The productivity gains are real and staggering. The creative possibilities are expanding.

But as we rush to embrace this new world, we need to ask hard questions:

  • How do we verify what we don't read?
  • How do we secure what we don't understand?
  • How do we maintain what no human has reviewed?

The technology is racing ahead. Our frameworks for thinking about trust, verification, and security need to catch up.

Table of contents

Heading 2
Heading 3
More Reads

Threat detection frameworks

Step-by-step instructions for identifying and responding to attacks

Akeyless
February 3, 2026
Suresh Sathyamurthy
Chief Marketing Officer

OpenClaw: Security Wake-Up for AI Agents

OpenClaw signals autonomous AI agents create critical identity security risks; CISOs must prioritize visibility and just-in-time access.
Read more
OpenClaw
Ox Security
February 3, 2026
Nir Zadok
Ox Security Researcher

Uninstalling OpenClaw Isn't Enough.

Do not just delete OpenClaw. Common uninstall methods leave credentials and full access behind.
Read more
Charm Security
February 3, 2026
Aviv Nahon
Senior Data Scientist

Stable Decisions in Probabilistic AI-agents systems

How structured ML models add calibrated belief, uncertainty tracking, and action selection to make LLM-driven agents efficient, stable, and auditable.
Read more
View all

Stay informed on threats

Get the latest security insights delivered straight to your inbox each week.

By subscribing you agree to our Terms and Conditions and Privacy Policy.
Thank you for signing up with us.
Something went wrong. Please try again.